On 2/24/20 3:13 PM, Christian Borntraeger wrote: > > > On 20.02.20 13:56, Janosch Frank wrote: >> When a guest has saved a ipib of type 5 and calls diagnose308 with >> subcode 10, we have to setup the protected processing environment via >> Ultravisor calls. The calls are done by KVM and are exposed via an >> API. >> >> The following steps are necessary: >> 1. Create a VM (register it with the Ultravisor) >> 2. Create secure CPUs for all of our current cpus > > maybe rephrase that to reflect the enable/disable change? Yep > >> 3. Forward the secure header to the Ultravisor (has all information on >> how to decrypt the image and VM information) >> 4. Protect image pages from the host and decrypt them >> 5. Verify the image integrity >> >> Only after step 5 a protected VM is allowed to run. >> >> Signed-off-by: Janosch Frank >> Signed-off-by: Christian Borntraeger [Changes >> to machine] > > [...] > >> diff --git a/hw/s390x/pv.c b/hw/s390x/pv.c >> new file mode 100644 >> index 0000000000..8ae20f31c1 >> --- /dev/null >> +++ b/hw/s390x/pv.c >> @@ -0,0 +1,106 @@ >> +/* >> + * Secure execution functions >> + * >> + * Copyright IBM Corp. 2020 >> + * Author(s): >> + * Janosch Frank >> + * >> + * This work is licensed under the terms of the GNU GPL, version 2 or (at >> + * your option) any later version. See the COPYING file in the top-level >> + * directory. >> + */ >> +#include "qemu/osdep.h" >> +#include >> + >> +#include >> + >> +#include "qemu/error-report.h" >> +#include "sysemu/kvm.h" >> +#include "pv.h" >> + >> +const char *cmd_names[] = { >> + "VM_CREATE", >> + "VM_DESTROY", > > ENABLE/DISABLE? Ack. > >> + "VM_SET_SEC_PARAMS", >> + "VM_UNPACK", >> + "VM_VERIFY", >> + "VM_PREP_RESET", >> + "VM_UNSHARE_ALL", >> + NULL >> +}; > > Wild idea. Not sure if this is acceptable in QEMU. > > These strings are only for the error_report, no? > Could we use a MACRO that uses this a as a string and b as the inter value? > > -static int s390_pv_cmd(uint32_t cmd, void *data) > +#define S390_PV_CMD(cmd, data) s390_pv_cmd(cmd, #cmd, data) > +static int s390_pv_cmd(uint32_t cmd, const char *name, void *data) > > > and then replace all calls with S390_PV_CMD. (Of course also change the > error report to use name). > >> + >> +static int s390_pv_cmd(uint32_t cmd, void *data) >> +{ >> + int rc; >> + struct kvm_pv_cmd pv_cmd = { >> + .cmd = cmd, >> + .data = (uint64_t)data, >> + }; >> + >> + rc = kvm_vm_ioctl(kvm_state, KVM_S390_PV_COMMAND, &pv_cmd); >> + if (rc) { >> + error_report("KVM PV command %d (%s) failed: header rc %x rrc %x " >> + "IOCTL rc: %d", cmd, cmd_names[cmd], pv_cmd.rc, pv_cmd.rrc, >> + rc); >> + } >> + return rc; >> +} > [...] > > Maybe also change the subject. We do more than just unpack. > The name is not about unpack, it's about the unpack facility